ID

VAR-202304-1936


CVE

CVE-2023-22917


TITLE

plural  ZyXEL  Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2023-009323

DESCRIPTION

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file. usg flex 100 firmware, usg flex 100w firmware, USG FLEX 200 firmware etc. ZyXEL The product contains a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-22917 // JVNDB: JVNDB-2023-009323 // VULMON: CVE-2023-22917

AFFECTED PRODUCTS

vendor:zyxelmodel:usg flex 100scope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:usg flex 50scope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:atp500scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:usg 20w-vpnscope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:vpn100scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:usg flex 50scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:atp200scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:atp100wscope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:atp100scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:vpn100scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:atp800scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:vpn50scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:usg 20w-vpnscope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:atp100wscope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:atp800scope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:vpn50scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:vpn300scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:atp200scope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:vpn300scope:lteversion:5.35

Trust: 1.0

vendor:zyxelmodel:atp700scope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:atp500scope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:atp100scope:lteversion:5.32

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:atp700scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp100wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg 20-vpnscope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 100wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 500scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn50scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 50wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp500scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 50scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn300scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 700scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp800scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp700scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn1000scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-009323 // NVD: CVE-2023-22917

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-22917
value: HIGH

Trust: 1.8

security@zyxel.com.tw: CVE-2023-22917
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202304-1907
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2023-22917
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-009323 // NVD: CVE-2023-22917 // NVD: CVE-2023-22917 // CNNVD: CNNVD-202304-1907

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-009323 // NVD: CVE-2023-22917

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-1907

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202304-1907

CONFIGURATIONS

sources: NVD: CVE-2023-22917

PATCH

title:Zyxel ATP Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=236007

Trust: 0.6

sources: CNNVD: CNNVD-202304-1907

EXTERNAL IDS

db:NVDid:CVE-2023-22917

Trust: 3.3

db:JVNDBid:JVNDB-2023-009323

Trust: 0.8

db:CNNVDid:CNNVD-202304-1907

Trust: 0.6

db:VULMONid:CVE-2023-22917

Trust: 0.1

sources: VULMON: CVE-2023-22917 // JVNDB: JVNDB-2023-009323 // NVD: CVE-2023-22917 // CNNVD: CNNVD-202304-1907

REFERENCES

url:https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-22917

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-22917/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-22917 // JVNDB: JVNDB-2023-009323 // NVD: CVE-2023-22917 // CNNVD: CNNVD-202304-1907

SOURCES

db:VULMONid:CVE-2023-22917
db:JVNDBid:JVNDB-2023-009323
db:NVDid:CVE-2023-22917
db:CNNVDid:CNNVD-202304-1907

LAST UPDATE DATE

2023-12-18T13:00:10.317000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-22917date:2023-04-24T00:00:00
db:JVNDBid:JVNDB-2023-009323date:2023-12-05T05:26:00
db:NVDid:CVE-2023-22917date:2023-05-04T13:28:13.717
db:CNNVDid:CNNVD-202304-1907date:2023-05-06T00:00:00

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-22917date:2023-04-24T00:00:00
db:JVNDBid:JVNDB-2023-009323date:2023-12-05T00:00:00
db:NVDid:CVE-2023-22917date:2023-04-24T17:15:09.833
db:CNNVDid:CNNVD-202304-1907date:2023-04-24T00:00:00